
SIRS Monthly Incident Reports 

Number of Agencies/Universities Reporting:

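January 2012

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 47 | 12 | 7 | 66 |
| Agencies | 36 | 24 | 23 | 83 |

February 2012

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 49 | 9 | 8 | 66 |
| Agencies | 36 | 30 | 17 | 83 |

March 2012

| Organization Type | Incidents | No Incidents | No Report | Total |
| --- | --- | --- | --- | --- |
| Universities | 51 | 9 | 6 | 66 |
| Agencies | 37 | 27 | 19 | 83 |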

Types of Incidents:

| Types of Incidents | January 2012 | February 2012 | March 2012 |
| --- | --- | --- | --- |
| Actual Infections | 5,136 | 6,958 | 5,281 |
| Unauthorized Physical Access | 1 | 1 | 1 |
| Unauthorized Information Access | 6 | 8 | 8 |
| Web Site Defacement | 4 | 0 | 4 |
| Theft of Equipment | 9 | 8 | 12 |
| Theft of Information | 1 | 1 | 0 |
| Unauthorized Use/Misuse | 37 | 41 | 33 |
| Accidental Disruption | 22 | 13 | 25 |
| Disruption or Denial of Services (DOS) | 1 | 4 | 4 |
| Other | 601 | 2,171 | 1,022 |
| Total | 5,818 | 9,205 | 6,390 |

Impact of Incidents:

| Month | Total Hours | Downtime Hours | Total Costs | Lost Data |
| --- | --- | --- | --- | --- |
| January 2012 | 2,969 | 194 | $209,501 | 0 |
| February 2012 | 2,774 | 388 | $151,221 | 0 |
| March 2012 | 4,743 | 367 | $112,270 | 0 |

Incident Profiles:

| Month | Detected with IDS | Internal Source | External Source |
| --- | --- | --- | --- |
| January 2012 | 660,840,633 | 46,885 | 559,900,031 |
| February 2012 | 738,695,100 | 2,234,073 | 624,557,771 |
| March 2012 | 1,701,086,616 | 23,342 | 651,087,410 |

Malicious Code:

| Malicious Code | January 2012 | February 2012 | March 2012 |
| --- | --- | --- | --- |
| Viruses/Worms | 179,874 | 284,603 | 207,254 |
| Logic Bombs | 245 | 0 | 2 |
| Back Doors | 153 | 5,046 | 1,994 |
| Trojan | 8,155 | 7,173 | 8,539 |
| Adware | 1,075 | 737 | 960,469 |
| Spyware | 1,385 | 572 | 67,976 |
| Popups | 4 | 8 | 5 |
| Spam | 20,518,122 | 20,568,524 | 30,702,198 |
| Keystroke Logger | 157 | 111 | 22 |
| Phishing | 214 | 3,104 | 453 |
| SQL Injections | 1,573 | 1,371 | 2,809 |
| Cross-Site Scripting | 5,204 | 5,258 | 51,854 |
| Other Malicious Code | 544,049,738 | 616,857,693 | 631,381,037 |

Actual Infections:

| Actual Infections | January 2012 | February 2012 | March 2012 |
| --- | --- | --- | --- |
| Total Workstations/Hard Drives Infected | 5,119 | 6,928 | 5,259 |
| Total Servers Infected | 17 | 30 | 22 |

Server Types (Number of Systems):

| Type of Systems Affected | January 2012 | February 2012 | March 2012 |
| --- | --- | --- | --- |
| Critical production applications and/or data | 7 | 8 | 9 |
| Critical administrative/support applications and/or data | 16 | 26 | 20 |
| Research applications and/or data | 3 | 8 | 1 |
| Academic applications and/or data | 1 | 10 | 2 |
| External use web servers | 3 | 7 | 5 |
| Internal use web servers | 6 | 3 | 2 |
| FTP Servers | 3 | 2 | 2 |
| Email Servers | 8 | 26 | 11 |
| Print Servers | 0 | 0 | 0 |
| Other Servers | 68 | 1,301 | 253 |
| Total | 115 | 1,391 | 305 |

Response Activities and General Information:

| Question | January 2012 | February 2012 | March 2012 |
| --- | --- | --- | --- |
| 1. Number of times incident response plans were activated | 128 | 127 | 117 |
| 2. Number of times disaster recovery plans were activated due to security incident | 2 | 17 | 2 |
| 3. Average hours from detection to containment | 189 | 711 | 260 |
| 4. Incidents with response activity logs kept | 543 | 529 | 566 |
| 5. Damage to agency/university IR assets | 6 | 6 | 8 |
| 5a. Number of assets restored | 6 | 19 | 7 |
| 6. Number of incidents that needed outside assistance | 15 | 12 | 16 |
| 7. Number of incidents that resulted in new security measures | 408 | 410 | 417 |
| 7a. Number of patches installed | 396 | 402 | 467 |
| 7b. Number of security software installed | 364 | 361 | 317 |
| 7c. Number of additional policies developed | 2 | 3 | 4 |
| 7d. Number other | 1 | 0 | 2 |
| 8. Number of incidents that resulted in proliferation | 48 | 56 | 69 |
| 8a. Internal Systems | 0 | 0 | 1 |
| 8b. External Systems | 48 | 55 | 68 |
| 9. Incidents that resulted in external public awareness | 6 | 15 | 3 |
| 10. Number of incidents reported to law enforcement | 6 | 9 | 6 |

Top Ten Viruses:


| January 2012 | February 2012 | March 2012 |
| --- | --- | --- |
| Trojan.Gen | Trojan.Gen.2 | Trojan.Gen |
| Trojan.Horse | Trojan.Maliframe!html | Trojan.Swifi |
| Trojan.Gen2 | Trojan.Gen | Trojan.Gen.2 |
| Trojan.Maliframe!html | Bloodhound.Exploit.79 | Trojan Horse |
| Mal/Phish-A | PWS-Zbot.gen.ep | Mal/Iframe-AE |
| Downloader | Trojan Horse | Bloodhound.Exploit.79 |
| Mal/BredoZp-B | Troj/Invo-Zip | Trojan.Maliframe!html |
| Bloodhound.Exploit.79 | Mal/Phish-A | Mal/Phish-A |
| Downloader | Mal/Iframe-W | Troj/Invo-Zip |
| Cookie-Insightexpres | Others | Others |